Configure key-based SSH authentication

IMPORTANT: Before following the steps below, ensure that your application server is running.

To configure the SSH server to support key-based authentication, follow these steps:

  • Log in to the server console as the bitnami user.

  • Create a key pair, consisting of a public and private key, as shown below. Set a long passphrase when prompted.

      $ ssh-keygen
      Generating public/private rsa key pair.
      Enter file in which to save the key (/home/bitnami/.ssh/id_rsa):
      Enter passphrase (empty for no passphrase):
      Enter same passphrase again:
      Your identification has been saved in /home/bitnami/.ssh/id_rsa.
      Your public key has been saved in /home/bitnami/.ssh/id_rsa.pub.
      The key fingerprint is:
      XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX bitnami@linux

    This command should create two files named id_rsa and id_rsa.pub in the /home/bitnami/.ssh directory.

  • Copy the private key file named id_rsa to a secure location. Do not share this private key file.

  • Transfer the contents of the public key file to the /home/bitnami/.ssh/authorized_keys file:

      $ cd /home/bitnami/.ssh
      $ cat id_rsa.pub >> /home/bitnami/.ssh/authorized_keys
  • Edit the /etc/ssh/sshd_config and uncomment (or add if not already present) the following lines:

      RSAAuthentication yes
      PubkeyAuthentication yes
  • In the same file, disable basic password authentication (if not already disabled). Uncomment or add the following lines:

      ChallengeResponseAuthentication no
      PasswordAuthentication no
      UsePAM no
  • Restart the SSH server for the new configuration to take effect:

      $ sudo /etc/init.d/ssh force-reload
      $ sudo /etc/init.d/ssh restart

You can now use the private key file to connect to the virtual machine using SSH.

Last modification February 6, 2023